Sven Morgenroth Talks About PHP Object Injection Vulnerabilities on Paul's Security Weekly Podcast

Category: Web Security Readings - Last Updated: Thu, 20 Dec 2018 - by Allen Baird
Sven Morgenroth Talks About PHP Object Injection Vulnerabilities on Paul's Security Weekly Podcast

In episode #584 of Paul's Security Weekly, Sven Morgenroth, a Netsparker security researcher, discusses PHP Object injection vulnerabilities and explains the dangers of PHP's unserialize function. Sven provides background on PHP Objects, demos how to write an exploit for a PHP Object Injection vulnerability, and explains how to prevent them. Read More

End of Support for PHP 5 and PHP 7.0

Category: Web Security Readings - Last Updated: Tue, 18 Dec 2018 - by Allen Baird
End of Support for PHP 5 and PHP 7.0

At the end of 2018, PHP will stop security updates and support for some of its previous versions. This will expose hundreds of millions of websites to serious risk in terms of sites hacked, user details stolen, and massive fines. You need to update, and use systems that allow you to deploy only new versions of PHP by default. Read More